Welcome to the twenty-ninth edition of Platform Engineering Monthly. As always, if you have suggestions or ideas for the next edition, let me know!

🎤 Last month I gave a lightning talk at KubeCon/Platform Engineering Day EU. If you’re wrestling with AI and Platforms give it a watch, it’s here. Lessons from Putting AI in Front of a Platform: Taming the Non-Deterministic Beast

📰 News

Google Cloud customer wakes up to $18,000 bill despite $7 budget

Another reminder to protect your API keys and ensure they have least privilege. A leaked API key triggered 60,000 attacker requests and an $18k Google Cloud bill that blew through both a $7 budget and a $1,400 spending cap.

Launching S3 Files, making S3 buckets accessible as file systems

AWS launches S3 Files, enabling S3 buckets to be mounted as POSIX-compatible file systems. This is a pretty great extension to S3, it’ll enable workloads that need file semantics without managing EFS or FSx.

Widespread GitHub campaign uses fake VSCode security alerts

Another FYI, a widespread GitHub campaign is targeting developers with fake VSCode security alerts that drop malware. Platform teams managing developer tooling should alert their users!

Netherlands reaches deal to cut reliance on U.S. cloud tech

The Netherlands signs a deal with a European cloud provider to reduce US hyperscaler dependency, it does look like digital sovereignty is shifting from political talking point to procurement policy.

UK told its Big Tech habit is now a national security risk

In related news, a UK government report classifies hyperscaler concentration as a national security vulnerability. The UK government is hugely dependent on AWS, but it’s looking like tighter cloud procurement rules for public-sector and critical infrastructure teams may be on the cards.

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

A coordinated multi-ecosystem blitz targeting developer credentials dropped across April 21–23. After Trivy’s disastrous few months, supply chain attackers have ramped up operations well beyond one-off opportunism.

Kubernetes v1.36: Fine-Grained Kubelet API Authorization Graduates to GA

Per-verb, per-resource kubelet API authorization is now GA in Kubernetes v1.36 - a welcome tightening of an area that’s been coarser than it should be.

📚 Learning

Live migrating hundreds of Kubernetes clusters to Cluster API

Thorough write-up of Giant Swarm live-migrating hundreds of production Kubernetes clusters to Cluster API without downtime.

A practical guide for migrating to Kubernetes Gateway API

A timely piece considering the Ingress deprecation, this is Datadog’s detailed production migration guide from Ingress to the Kubernetes Gateway API.

6,000 AWS accounts, three people, one platform

An interesting read on scaling an AWS Org to thousands of accounts using a single platform.

LLMs on Kubernetes

CNCF walks through the threat model for LLM workloads on Kubernetes, covering supply chain, multi-tenancy, and data exfiltration risks.

I am building a cloud

A good honest read on the unglamorous engineering reality behind bootstrapping cloud infrastructure from scratch.

🧪 Interesting Projects

Kubernetes monitoring Helm chart v4

Grafana’s Kubernetes monitoring Helm chart v4 is the biggest overhaul since launch, it’s got a redesigned configuration model, new collectors, and hugely expanded dashboard coverage.

argo-rollouts

Some great new features in Argo Rollouts. It brings canary, blue-green, and progressive delivery strategies natively to Kubernetes.

npm-security-best-practices

Considering the recent plethora of supply chain attacks, this is a helpfully maintained repository of npm security best practices covering dependency hygiene, publish-time controls, and package integrity checks.

Ministack

I always appreciate more alternatives to localstack now that they have paywalled their provided Docker images. 40+ AWS Services and counting.

📅 Events

PlatformCon 2026

June 22-26, 2026 - Online + London, United Kingdom and New York, USA

The world’s largest platform engineering conference. Shameless plug, I’ll be again, giving talk on how Platform Engineering can help tackle the challenges introduced by AI.

DevOpsCon London 2026

May 11-15, 2026 - London, United Kingdom

Multi-track conference covering CI/CD, Kubernetes, DevSecOps, and cloud-native best practices for DevOps engineers and platform teams.

DevOpsCon San Diego 2026

June 1-5, 2026 - San Diego, California, USA

West Coast DevOps conference covering CI/CD automation, Kubernetes, cloud-native architecture, and DevSecOps practices for enterprise teams.

DevOpsCon New York 2026

September 28 - October 2, 2026 - New York, USA

East Coast US DevOps conference with tracks on CI/CD, Kubernetes, cloud-native architecture, and DevSecOps tailored for enterprise engineering and platform teams.

SREcon26 Europe/Middle East/Africa

October 13-15, 2026 - Dublin, Ireland

USENIX’s premier EMEA SRE conference covering reliability engineering, distributed systems, incident response, and observability at scale.

Have platform engineering tips to share? Reply to this email or connect with me on LinkedIn.